Jerry,
Thanks for the help. I think you've identified the problem (no local
attribute) but I can't see what to do about it.

> | map attribute uid uid
> | map attribute cn cn
> | map attribute mail mail
> | map attribute *
> | map objectclass account Person
> | map objectclass *
> | -----------------------------snip
> |
> | Can't use DomainName=hisdomain.tld in suffixmassage as there
> | is no local equivalent.
>
> What do you mean no local equivalent? Do you mean there is no
> DomainName attribute defined in the schema on the ldap proxy
> server?

Yes, I mean that I can't find a way to configure the DomainName attribute on
the ldap proxy server. None of the objectclasses that I am aware of have a
DomainName attribute as either required or optional. I see that I could map
it to some other attribute that I do have but I don't think that will
help me with the 'real naming context' where the dn component
DomainName=hisdomain.tld is rejected on startup of slapd. No DomainName in
any of my schemas.

> | mailg# ldapsearch -x -b "" "(uid=username)" mail
> |
> You're actually searching the rootDSE on the ldap
> proxy server here which is not what you expect. I'll
> bet things will work ok if you massage the suffix to
> a non-empty DN.

I did try it with: ldapsearch -x -b "ou=hisorg,dc=mydomain,dc=tld" with the
same results, just picked the wrong one to report. I don't know about the
non-empty DN. It seems to work OK with ldapsearch -b "" direct to the target
server and with Net::LDAP in a script. I can also see the info I want being
returned in the slapd -d 1 trace. I just can't get to use it:
--------------------------------snip
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=2 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 10
do_bind: v3 anonymous bind
connection_get(10): got connid=2
connection_read(10): checking for input on id=2
...
ldap_read: message type search-entry msgid 2, original id 2
ber_scanf fmt ({m{) ber:
>>> dnNormalize: <cn=User Name, uid=username, DomainName=hisdomain.tld>
=> ldap_bv2dn(cn=User Name, uid=username, DomainName=hisdomain.tld,0)
<= ldap_bv2dn(cn=User Name, uid=username, DomainName=hisdomain.tld,0)=0
              ^^^^^^^^^^^^  ^^^^^^^^^^^^  ^^^^^^^^^^^^^^^^^^^^^^^^
ldap_msgfree
ldap_result msgid 2
ldap_chkResponseList for msgid=2, all=0
ldap_chkResponseList returns NULL
--------------------------------snip

Jim